

Non-Financial Risk (NFR)

2017 Deloitte

Holistic approach: “An end-to-end and common approach to managing risk, starting with a link to the risk appetite framework, an inventory of risks and relevant controls, a consistent quantitative and qualitative assessment approach, and concluding with the ability to provide feedback and enhance the process.”

COMPONENTS AND GOALS

NFR Management Framework

NFR Measurement & Monitoring Methodology

Risk Identification & Taxonomy

Deloitte’s Non-Financial Risk Management Framework will allow Financial Institutions to:

• Link NFRs to the bank’s Risk Appetite Framework (“RAF”) and articulate a more detailed Risk Appetite Statement (“RAS”)

• Articulate and communicate the NFR approach and resulting impact and benefits on risk culture and conduct

• Quantify relevant NFRs, define related limits, thresholds and triggers

• Assign clear roles and responsibilities

• Strengthen top-down communication, bottom-up reporting and external disclosure

• Extend NFR to all supporting policies, processes and controls and identify required technologies

Supervisory expectations

Understanding of the bank’s NFR profile

Capital requirements

Meet or even surpass evolving supervisory expectations

Translate understanding of the NFR and risk management capability improvements into reduced cost of compliance and economic capital

Demonstrate a comprehensive understanding and enhanced control of the bank’s NFR profile

NFR TAXONOMY (Extract)

PERFORMANCE DRIVERS AND METRICS

01 Do the organizational culture and risk structures cover all risks including NFRs?

02 Does the framework provide the data and transparency to understand the risk profile of the organization and does it improve the decision-making process related to risk?

03 Does the framework provide complete evidence for internal and external parties that risk is properly identified and managed?

Risk Class Category

Financial Risk

• Credit Risk

• Market Risk

• Interest rate Risk in the Banking Book

• Liquidity Risk

Non-Financial Risk

External Market Risk

• Operational Risk

• Compliance Risk

• Conduct Risk

• IT Risk

• Cyber Risk

• Model Risk

• Third-party Risk

• Strategic Risk

• Systemic Risk

• Reputational Risk

KEY QUESTIONS POTENTIAL ECONOMIC CAPITAL IMPLICATIONS

Source: Deloitte Banking Risk Intelligence Map@-extract; Draft as of July 2017, subject to change.

Pillar I

Capital Requirements

Regulatory Calculation

Pillar III

Disclosure

Transparency

Pillar II

Stress testing (e.g. CCAR-US, SREP-EU)

Capital adequacy level

Implications of non-financial risk management

• Tentatively, the regulatory calculation would not be affected by the proactive management of the NFR

• Improvement in the image and reputation

• Potential for increased investor and stakeholder confidence

• Management improvements increase alignment with real capital needs

• Improved internal control & capital scores

• Avoid or reduce add-on


MEASURING AND MONITORING NFR

QUALIFICATIONS

COMPONENTS OF AN INTEGRATED NFR IMPLEMENTATION FRAMEWORK

Culture

Interpret and implement the legislation in banking context

Efficient interpretation and translation of legislation into bank-specific terminology and data sourcing

International team and global network

Bring best practices for international banks based on Deloitte’s understanding of the varying local requirements and data delivery approaches resulting from the scope changes as adopted by local Competent Authorities

BUCF

Collaboration on an international level through the Banking Union Center in Frankfurt (BUCF) and the EMEA Center for Regulatory Strategy (ECRS) providing fundamental views on regulatory changes and issues

Expert knowledge of Operational Risk

In-depth knowledge and understanding of Basel regulations

Experienced professionals

Senior professionals with broad-based and relevant experiences in regulation, audit and advisory

Combination of quantitative and qualitative approaches to reach a score:

The Three Lines of Defense have an integrated role in the framework; results can be used as inputs for capital calculations, with potential substantial benefits.

Technology

Firms should consider using innovative tools and techniques to monitor and control risks

Reporting

Common reporting framework, where risks are monitored and communicated consistently across all lines of defense

Risk Appetite

The entity should identify its potential NFRs and decide how much it is capable and willing to assume

Governance

Entities should adapt the governance to include NFRs

Measurement and monitoring

A qualitative and quantitative methodology is necessary in order to measure and monitor NFRs; as an emerging discipline, Non-Financial Risk Managers will be obliged to create and implement a methodology relatively quickly

Risk ID

The experience with operational risk is that banks’ capabilities can inhibit timely identification and mitigation of new and emerging risk types; this could be an early challenge for Non-Financial Risk Managers

Supervision and control model

The ability to leverage a rationalized inventory of controls across a wider spectrum of risks and processes is likely to result in cost and efficiency benefits that can support the business case and early buy-in

Supported and enhanced by Deloitte’s Non-Financial Risk Management Framework

[Diagram: Risk Assessment System. Step 1, Measurement and monitoring of NFR: Processes, Controls, Risks; Quantitative measurement - level of control (score obtained); Qualitative measurement - questionnaires (score obtained); RAF; Final score; Reporting. Step 2, Target model and action plan: Control level gap analysis; Qualitative gap analysis (integration into management); Target model and definition of action plan.]

Qualitative assessment

• Combines results from the processes and control map quantification with management questionnaires

Quantitative assessment

• Considers different KRIs for each eligible Risk Category and Sub-Category

• Aims to avoid subjectivity through a frequency and impact quantification

Europe’s most ambitious integration project since the Euro.

The Banking Union initiative represents a fundamental innovation in supervision of financial services with significant consequences for the structure of the banking sector in the Eurozone and beyond, affecting business models and strategies.